The Department of Homeland Security (DHS) has been working in secret for more than two weeks with the private sector to fix a major Internet vulnerability that could have had disastrous consequences for millions of businesses and the U.S. military. Since Feb. 14, the DHS and the White House Office of Cyberspace Security have been working with Atlanta-based Internet Security Systems (ISS) to alert IT vendors and the business community about a major buffer overflow vulnerability in the sendmail mail transfer agent (MTA). Sendmail is the most common MTA and handles between 50% and 75% of all Internet e-mail traffic. Versions of the software, from 5.79 to 8.12.7, are vulnerable, according to an ISS alert issued publicly today. According to sources familiar with the investigation, ISS discovered the vulnerability on Feb. 13. It then contacted the homeland security officials, who began the process of alerting IT vendors that distribute sendmail, including Sun Microsystems Inc., IBM, Hewlett-Packard Co. and Silicon Graphics Inc., as well as the Sendmail Consortium, the organization that develops the open-source version of sendmail that is distributed with both free and commercial operating systems. The seriousness of the vulnerability, coupled with the fact that the hacker community wasn’t yet aware of it, caused the government and ISS to decide it was better to keep the news under wraps until patches could be developed. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.